The problem of loop detection and prevention in networks has been studied extensively in the prior art.
JP2007235691A2 describes a solution for detecting loops in a MAC bridge network. A test frame is transmitted from a testing apparatus to the MAC bridge network, and when the test frame is returned to the testing apparatus, a loop generating direction judgment apparatus is started, which judges whether the loop exists and in which direction. The described solution requires a preliminary stage of generating packets which create excessive traffic in the network.
US2004218539A discusses a technique for managing loops between network devices such as customer and carrier edge devices, which involves monitoring the MAC moves that occur at a device to detect the existence of a loop and initiating a loop protection action if the MAC moves indicate that a loop exists. The number of MAC moves that indicates the existence of a loop is user programmable and pre-established in the device configuration. The number of MAC moves can be expressed as a MAC move threshold, which is defined in terms of, for example, a MAC move rate or a number of MAC moves. Typically, the loop protection action that is initiated in response to a detected loop involves blocking the flow of the looping packets at the corresponding device.
The solution allows detecting loops which already exist. However, the number of such loops can be huge, so that the damage caused by having these loops in the network is substantial and sometimes critical, while treating each and every loop that keeps appearing in the network can be practically impossible.
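The MAC-move threshold monitoring described for US2004218539A can be sketched as follows. This is an added example, not code from that reference; the class and parameter names are hypothetical, and counting moves per destination port and blocking that port are assumptions made for the illustration.

```python
# Added illustration; class, parameter and port names are hypothetical.
from collections import defaultdict, deque

class MacMoveMonitor:
    """Learns source MACs per port and starts loop protection when the number
    of MAC moves inside a sliding window reaches a configured threshold."""

    def __init__(self, move_threshold, window_s):
        self.move_threshold = move_threshold  # user-programmable move count
        self.window_s = window_s              # window that turns the count into a rate
        self.fdb = {}                         # MAC -> port it was last learned on
        self.moves = defaultdict(deque)       # port -> timestamps of moves onto it
        self.blocked = set()                  # ports under loop protection

    def learn(self, ts, src_mac, port):
        """Process one received frame; return True if it may be forwarded."""
        if port in self.blocked:
            return False                      # protection action: drop looping traffic
        old = self.fdb.get(src_mac)
        if old is not None and old != port:   # the MAC moved from `old` to `port`
            q = self.moves[port]
            q.append(ts)
            while q and ts - q[0] > self.window_s:
                q.popleft()                   # forget moves older than the window
            if len(q) >= self.move_threshold:
                self.blocked.add(port)        # assumption: block the port moved onto
                return False
        self.fdb[src_mac] = port
        return True

def run_sample():
    mon = MacMoveMonitor(move_threshold=3, window_s=1.0)
    # Constructed frames: (timestamp in seconds, source MAC, ingress port).
    frames = [(0.0, "aa", 1), (0.0, "bb", 3),
              (5.0, "bb", 4),                 # one ordinary station move
              (10.0, "aa", 2), (10.1, "aa", 1), (10.2, "aa", 2),
              (10.3, "aa", 1), (10.4, "aa", 2), (10.5, "aa", 2)]
    results = [mon.learn(*f) for f in frames]
    return results, mon.blocked, mon.fdb

if __name__ == "__main__":
    print(run_sample())
```

The single move of "bb" stays below the threshold, while the flapping of "aa" between ports 1 and 2 blocks port 2 only after the loop has already carried several frames, which is the limitation noted above.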
Each of the above prior art solutions tries to solve its own specific problem, and each does so in a different way. However, there is a problem which is well known to specialists in the field, namely how to cope with loops in large network systems which comprise one or more so-called core (transport) networks and a plurality of customers' access networks.
US2007086361A describes a technique where Provider Link State Bridging (PLSB) expands static configuration of Ethernet MAC forwarding tables by the control plane and utilizes direct manipulation of Ethernet forwarding by a link state routing system. Bridges exchange state information by a link state bridging protocol so that a synchronized configured view of the network is shared between nodes. Each node can calculate shortest path connectivity between peer bridging nodes and populate the appropriate forwarding tables. A reverse path forwarding check is performed on incoming packets to provide loop suppression. For example, a source check module processes incoming packets and performs a lookup in the FIB (MAC forwarding table) to determine if the received port coincides with the port identified in the FIB for the particular Source MAC. If the received port/Source MAC does not match the expected port/Source MAC, the packet is discarded.
The above solution seems to be applicable to large networks and could work well. In practice, however, complex systems are not provided with a common control plane for loop protection which would cover the whole system, though specific networks of the system may locally use their own separate loop-prevention mechanisms (such as RSTP). As a result, such systems are very sensitive to loops formed at edge nodes interconnecting different networks.
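The shortest-path FIB population and source check described for US2007086361A can be illustrated as follows. This is an added example, not code from that reference; the four-bridge topology, port numbers and function names are constructed, each bridge's MAC is represented by its name, and the link costs are chosen so that every shortest path is unique.

```python
# Added illustration; topology, names and port numbers are constructed.
import heapq

# Link-state database shared by all nodes: node -> {local port: (neighbour, cost)}
LSDB = {
    "A": {1: ("B", 1), 2: ("C", 4)},
    "B": {1: ("A", 1), 2: ("C", 1), 3: ("D", 5)},
    "C": {1: ("A", 4), 2: ("B", 1), 3: ("D", 1)},
    "D": {1: ("B", 5), 2: ("C", 1)},
}

def build_fib(node, lsdb=LSDB):
    """Dijkstra from `node`; returns {destination MAC: local egress port}."""
    settled, fib = {node}, {}
    heap = [(cost, nbr, port) for port, (nbr, cost) in lsdb[node].items()]
    heapq.heapify(heap)
    while heap:
        dist, cur, first_port = heapq.heappop(heap)
        if cur in settled:
            continue                      # already reached over a shorter path
        settled.add(cur)
        fib[cur] = first_port             # port of the first hop towards `cur`
        for nbr, cost in lsdb[cur].values():
            if nbr not in settled:
                heapq.heappush(heap, (dist + cost, nbr, first_port))
    return fib

def source_check(fib, src_mac, in_port):
    """Reverse path forwarding check: accept a frame only if it arrived on the
    port the FIB holds for its source MAC; mismatches and unknown sources
    are discarded."""
    return fib.get(src_mac) == in_port

if __name__ == "__main__":
    fib_a = build_fib("A")
    print(fib_a)                          # FIB computed at bridge A
    print(source_check(fib_a, "D", 1))    # arrives on the shortest-path port
    print(source_check(fib_a, "D", 2))    # arrives over the off-path A-C link
```

The check depends on every node computing its FIB from the same link-state database, which is the common control plane that the paragraph above notes is missing across interconnected networks.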
Some other prior art references propose solutions concerning security (levels of authorization) in networks, aspects which have nothing in common with the problem of preventing loops.
For example, US2007002899A describes a system having a local area network, and software to automatically evaluate a network layer address, a lower layer address, a network port identifier, and/or a domain name of an equipment interface that is to be connected to the network. The software is to determine whether one of these matches an expected value for the network. The software is to provide a credential for each equipment interface that is authorized to connect to the network and that has been authenticated by the software. The credential contains a lower layer address, a network layer address, a domain name, and a network port identifier. Other embodiments are also described and claimed. For example, a network port locking process configures a network port to allow use of the network resources by successfully mapped equipment interface MAC addresses only. This results in denying access to all other interfaces, which are deemed to be violators. If a violation is encountered, a port may be configured to shut down. Additionally, the MAC addresses of violators may be detected on the ports, and can be tracked through the use of violator credentials that are written to a database for subsequent usage.
The solution of US2007002899A requires mapping of each and every device/interface in the network as being authorized/non-authorized for connecting to a particular port. In other words, a central database and a specific mapping order per device are required for performing so-called admission control. The method is applicable to a limited network such as an enterprise network, where such a mapping is possible and where shutting down a specific port cannot affect other associated networks.